I. Basis of the report

1. With regard to the elements of the international application (Replacement sheets which have been furnished to
the receiving Office in response to an invitation under Article 14 are referred to in this report as "originally filed"
and are not annexed to this report since they do not contain amendments (Rules 70.16 and 70.17)):

Description, Pages 

1-38 as originally filed

Claims, Numbers

1-26 filed with telefax on 17.03.2004

Drawings, Sheets

1/6-6/6 as originally filed

2. With regard to the language, all the elements marked above were available or furnished to this Authority in the
language in which the international application was filed, unless otherwise indicated under this item.

These elements were available or furnished to this Authority in the following language: , which is: 

□ the language of a translation furnished for the purposes of the international search (under Rule 23.1(b)).

□ the language of publication of the international application (under Rule 48.3(b)). 

□ the language of a translation furnished for the purposes of international preliminary examination (under
Rule 55.2 and/or 55.3).

3. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the 
international preliminary examination was carried out on the basis of the sequence listing: 

□ contained in the international application in written form.

□ filed together with the international application in computer readable form.

□ furnished subsequently to this Authority in written form. 

□ furnished subsequently to this Authority in computer readable form. 

□ The statement that the subsequently furnished written sequence listing does not go beyond the disclosure
in the international application as filed has been furnished.

□ The statement that the information recorded in computer readable form is identical to the written sequence
listing has been furnished.

4. The amendments have resulted in the cancellation of: 

□ the description, pages: 

□ the claims, Nos.: 

□ the drawings, sheets:

5. □ This report has been established as if (some of) the amendments had not been made, since they have
been considered to go beyond the disclosure as filed (Rule 70.2(c)).

(Any replacement sheet containing such amendments must be referred to under item 1 and annexed to this
report.)

6. Additional observations, if necessary: 



V. Reasoned statement under Article 35(2) with regard to novelty, inventive step, or industrial applicability;
citations and explanations supporting such statement



1. Statement 



Novelty (N)

Yes: Claims 3, 6, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
No: Claims 1, 2, 4, 5, 7, 8, 9, 10, 22, 23, 24, 25, 26



Inventive step (IS) 



Yes: Claims 
No: Claims 



1-26 



Industrial applicability (IA)



Yes: Claims 
No: Claims 



1-26 



2. Citations and explanations



see separate sheet

Re Item V

Reasoned statement under Article 35(2) with regard to novelty, inventive step or 
industrial applicability; citations and explanations supporting such statement 

1. The following documents (D) are mentioned:

D1: US 2001/047487 A1 (LINNAKANGAS TOMMI ET AL) 29 November 2001 (2001-11-29)

D2: US 2001/009025 A1 (AHONEN PASI MATTI KALEVI) 19 July 2001 (2001-07-19)

D3: WO 00 78008 A (SSH COMM SECURITY LTD; KIVINEN TERO (FI); YLOENEN TATU (FI)) 21 December 2000 (2000-12-21)

D4: US 2001/020273 A1 (MURAKAWA YASUSHI) 6 September 2001 (2001-09-06)

2. Claim 22 lacks novelty (Article 33(2) PCT). 

2.1 Document D1, which is considered to represent the most relevant state of the art
for claim 1, discloses according to the subject-matter of claim 1:

• Telecommunication network for secure forwarding of messages, comprising 
at least a first computer, a second computer and an intermediate computer 
(paragraph 24, lines 4-8) 

characterized in that 

• the first and the second computers have means to perform IPSec processing 
(paragraph 24, lines 4-8), 

• and the intermediate computer have translation tables to perform IPSec and 
IKE translation (paragraph 24, lines 11-15). 

3. The features of independent claim 22 are also disclosed in any of D2 (see e.g.
figures 1, 5; paragraphs 4, 5, 48), D3 (see e.g. page 3, line 24 - page 4, line 10;
page 9, lines 7-13; figures 1a, 1b, 3) and D4 (see e.g. paragraphs 71-76).

4. If novelty were disputable based on minor differences of interpretation, it is
pointed out that the subject-matter of claim 22 would still not involve an inventive
step (Article 33(3) PCT).

5. The subject-matter of independent method claim 1 corresponds to the
subject-matter of independent apparatus claim 22. Thus, claim 1 also lacks novelty
(Article 33(2) PCT).

6. Dependent claims do not contain any subject-matter which, in combination with
the subject-matter to which they refer, meet the requirements of the PCT in
respect of novelty and inventive step (Article 33(2) and (3) PCT). They are either
disclosed in D1 (e.g. "the secure message is formed by using an IPSec
connection between the first computer and the second computer"; "preceding
distribution of keys for forming the IPSec connection is performed by an
automated key exchange protocol"), in D2 (e.g. "the request for registration is
encrypted") or common measures (e.g. "forwarding of the message is performed
by making use of the SSL or TLS protocols"; "the secure message is sent using
IPSec tunnel mode"; "the secure message is sent using IPSec transport mode")
obvious for a person skilled in the art.

CLAIMS



1. Method for secure forwarding of a message from a first computer to a
second computer via an intermediate computer in a telecommunication network,
characterized by

a) forming a message in the first computer or in a computer that is served by the
first computer, and in the latter case sending the message to the first computer,

b) in the first computer, forming a secure message by giving the message a unique
identity and a destination address,

c) sending the message from the first computer to the intermediate computer,

d) using said destination address and the unique identity to find an address to the
second computer,

e) substituting the current destination address with the found address to the second
computer,

f) substituting the unique identity with another unique identity,

g) forwarding the message to the second computer.

2. Method of claim 1, characterized in that the secure forwarding of the
message is performed by making use of the IPSec protocols, whereby the secure
message is formed in step b) by using an IPSec connection between the first
computer and the second computer formed for this purpose in the method.

3. Method of claim 1, characterized in that the secure forwarding of the
message is performed by making use of the SSL or TLS protocols.

4. Method of claim 2, characterized in that a preceding distribution of keys to
the components for forming the IPSec connection is performed manually.

5. Method of claim 2, characterized in that a preceding distribution of keys for
forming the IPSec connection is performed by an automated key exchange
protocol.

6. Method of claim 5, characterized in that the automated key exchange
protocol between the first computer and the second computer is performed by
means of a modified IKE key exchange protocol between the first computer and the
intermediate computer and a standard IKE key exchange protocol between the
intermediate computer and the second computer.



7. Method of any of claims 2, 5 or 6, characterized in that the message that is
sent from the first computer in step c) is a packet and contains message data, an
inner IP header containing the actual sender and receiver addresses, an outer IP
header containing the addresses of the first computer and the intermediate
computer, a unique identity, and other security parameters.

8. Method of any of claims 2, 5 or 6, characterized in that the IPSec
connection is one or more security associations (SA) and the unique identity is one
or more SPI values and the other security parameters include the sequence
number(s).

9. Method of any of claims 1-8, characterized in that the matching in step d)
is performed by means of a translation table stored at the intermediate computer.

10. Method of any of claims 1-9, characterized in that both the address and
the SPI-value are changed by the intermediate computer in steps e) respective

11. Method of any of claims 1-10, characterized in that the first computer is a
mobile terminal, whereby the mobility is enabled by modifying the translation table
at the intermediate computer.

12. Method of claim 11, characterized in that said modification of the translation
tables is performed by sending a request for registration of the new address from
the first computer to the intermediate computer, and optionally, by sending a
registration reply from the intermediate computer to the first computer.

13. Method of claim 12, characterized in that the registration and/or reply is
authenticated and/or encrypted by IPSec.

14. Method of any of claims 4-13, characterized in that the key distribution for
the secure connections is established by establishing an IKE protocol translation
table, and using the translation table to modify IP addresses and cookie values of
IKE packets in the intermediate computer.

15. Method of claim 14, characterized in that the key exchange distribution is
established by

generating an initiator cookie and sending a zero responder cookie to the second
computer,

generating a responder cookie in the second computer,

establishing a mapping between IP addresses and IKE cookie values in the
intermediate computer,

using a translation table to modify IKE packets in flight by modifying the external IP
addresses and possibly IKE cookies of the IKE packets.

16. Method of claim 14 or 15, characterized in that the modified IKE protocol
between the first computer and the intermediate computer is modified such that the
IKE keys are transmitted from the first computer to the intermediate computer for
decryption and modification of IKE packets.

17. Method of claim 14 or 15, characterized in that in the modified IKE protocol
between the first computer and the intermediate computer the modification of the
IKE packets is done by the first computer with the intermediate computer
requesting such modifications.

18. Method of claim 16, characterized in that the address is defined so that the
first computer is identified for the second computer by the intermediate computer by
means of an IP address taken from a pool of user IP addresses when forming the
translation table.

19. Method of any of claims 1-18, characterized in that the secure message is
sent using IPSec transport mode.

20. Method of any of claims 1-18, characterized in that the secure message is
sent using IPSec tunnel mode.

21. Telecommunication network for secure forwarding of messages, comprising at least
a first computer, a second computer and an intermediate computer,
characterized in that

the first and the second computers have means to perform IPSec processing, and
the intermediate computer have means to perform IPSec translation.

22. Network of claim 21, characterized in that the intermediate computer
furthermore has means to perform IKE translation.

23. Network of claim 21 or 22, characterized in that the means to perform
IPSec translation and IKE translation consists of translation tables.

24. Network of claim 22, characterized in that the translation table for IPSec
translation comprising IP addresses of the intermediate computer to be matched
with IP addresses of the second computer.

25. Network of claim 22, characterized in that one of the mapping tables for
IKE translation consists of two partitions, one for the communication between the
first computer and the intermediate computer and another for the communication
between the intermediate computer and the second computer.

26. Network of claim 25, characterized in that both partitions of the mapping
table for IKE translation contains translation fields for the source IP address, the
destination IP address, initiator and responder cookies between respective
computers.

27. Network of claim 28, characterized in that there is another translation table
for IKE translation containing fields for matching a given user to a given second
computer.
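
The translation step of claims 1 and 8 to 12, as an added Python example that is not part of the application: the intermediate computer looks up (destination address, SPI), substitutes both, and forwards the packet without touching the encrypted payload. The class and field names, addresses and SPI values are constructed for illustration, and the reverse-direction entry updated on registration is an assumed reading of claims 11 and 12.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class EspPacket:
    src: str        # outer IP source address
    dst: str        # outer IP destination address
    spi: int        # Security Parameters Index, the "unique identity" of claim 8
    seq: int        # sequence number, passed through unchanged
    payload: bytes  # encrypted payload; the intermediate computer never reads it

class TranslationTable:
    """(destination address, incoming SPI) -> (next-hop address, outgoing SPI)."""
    def __init__(self, own_addr):
        self.own_addr = own_addr
        self._map = {}

    def add(self, in_spi, next_hop, out_spi):
        self._map[(self.own_addr, in_spi)] = (next_hop, out_spi)

    def forward(self, pkt):
        # Step d): match on destination address and unique identity.
        entry = self._map.get((pkt.dst, pkt.spi))
        if entry is None:
            return None  # no mapping: drop instead of forwarding blindly
        next_hop, out_spi = entry
        # Steps e) and f): substitute the destination address and the SPI.
        return replace(pkt, dst=next_hop, spi=out_spi)

    def register_new_address(self, old_addr, new_addr):
        # Mobility (claims 11-12): repoint entries at the terminal's new address.
        changed = 0
        for key, (hop, spi) in list(self._map.items()):
            if hop == old_addr:
                self._map[key] = (new_addr, spi)
                changed += 1
        return changed

def demo():
    # Constructed sample values: documentation address ranges, arbitrary SPIs.
    table = TranslationTable("192.0.2.1")
    table.add(0x1001, "198.51.100.7", 0x2002)  # first -> second computer
    table.add(0x3003, "203.0.113.5", 0x4004)   # second -> first computer (assumed)
    out = table.forward(EspPacket("203.0.113.5", "192.0.2.1", 0x1001, 1, b"\x8f\x02"))
    dropped = table.forward(EspPacket("203.0.113.5", "192.0.2.1", 0x9999, 1, b"\x00"))
    table.register_new_address("203.0.113.5", "203.0.113.99")
    back = table.forward(EspPacket("198.51.100.7", "192.0.2.1", 0x3003, 1, b"\x41"))
    return out, dropped, back
```
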



